Example 86 with AdminMgr
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class PswdPolicyMgrImplTest method minAge.
/**
* PT1
* <p>
* 5.2.2 pwdMinAge
* <p>
* This attribute holds the number of seconds that must elapse between
* modifications to the password. If this attribute is not present, 0
* seconds is assumed. "chg"
*
* @param msg
* @param newusr
* @param oldusr *
* @param plcy
*/
public void minAge(String msg, String[] oldusr, String[] newusr, String[] plcy) {
LogUtil.logIt(msg);
try {
AdminMgr adminMgr = AdminMgrImplTest.getManagedAdminMgr();
User oldUser = UserTestData.getUser(oldusr);
oldUser.setPwPolicy(PolicyTestData.getName(plcy));
adminMgr.updateUser(oldUser);
TestUtils.sleep(PolicyTestData.getMinAge(plcy));
adminMgr.changePassword(UserTestData.getUser(oldusr), UserTestData.getPassword(newusr));
User newUser = UserTestData.getUser(newusr);
try {
newUser.setPassword("changed");
adminMgr.changePassword(UserTestData.getUser(newusr), newUser.getPassword());
fail(CLS_NM + ".minAge name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(oldusr) + "] failed min age test");
} catch (SecurityException ex) {
assertTrue(CLS_NM + ".minAge invalid error message userId [" + UserTestData.getUserId(oldusr) + "]", ex.getErrorId() == GlobalErrIds.PSWD_CONST_VIOLATION);
// still good
TestUtils.sleep(PolicyTestData.getMinAge(plcy));
adminMgr.changePassword(UserTestData.getUser(newusr), newUser.getPassword());
}
} catch (SecurityException ex) {
LOG.error("minAge caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
fail(ex.getMessage());
}
}
Also used :
User(org.apache.directory.fortress.core.model.User)
SecurityException(org.apache.directory.fortress.core.SecurityException)
AdminMgr(org.apache.directory.fortress.core.AdminMgr)
Example 87 with AdminMgr
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreatePermSample method testAddShoppingCartObjects.
/**
*/
public static void testAddShoppingCartObjects() {
String szLocation = ".testAddShoppingCartObjects";
try {
// Instantiate the AdminMgr first
AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
// Now Instantiate the Object
PermObj shoppingCart = new PermObj("ShoppingCart", "KillerBikes.com");
// Add it to the directory
adminMgr.addPermObj(shoppingCart);
// Now create the permission operations and grant...
Permission create = new Permission(shoppingCart.getObjName(), "create");
adminMgr.addPermission(create);
adminMgr.grantPermission(create, new Role("Customer"));
Permission read = new Permission(shoppingCart.getObjName(), "read");
adminMgr.addPermission(read);
adminMgr.grantPermission(read, new Role("Customer"));
Permission update = new Permission(shoppingCart.getObjName(), "update");
adminMgr.addPermission(update);
adminMgr.grantPermission(update, new Role("Admin"));
Permission delete = new Permission(shoppingCart.getObjName(), "delete");
adminMgr.addPermission(delete);
adminMgr.grantPermission(delete, new Role("Manager"));
Permission checkout = new Permission(shoppingCart.getObjName(), "checkout");
adminMgr.addPermission(checkout);
adminMgr.grantPermission(delete, new Role("Customer"));
} catch (SecurityException ex) {
LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
fail(ex.getMessage());
}
}
Also used :
Role(org.apache.directory.fortress.core.model.Role)
PermObj(org.apache.directory.fortress.core.model.PermObj)
Permission(org.apache.directory.fortress.core.model.Permission)
SecurityException(org.apache.directory.fortress.core.SecurityException)
AdminMgr(org.apache.directory.fortress.core.AdminMgr)
Example 88 with AdminMgr
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreateRoleHierarchySample method testCreateAscendantRoles.
/**
* Demonstrate a child to parent Role structure of one-to-many. To use this API, the child Role must be created before
* the call to addAscendant which will Add a new Role node and set a Role relationship with child node.
* <p>
* <img src="./doc-files/HierRoleAscendants.png" alt="">
*/
public static void testCreateAscendantRoles() {
String szLocation = ".testCreateAscendantRoles";
try {
// Instantiate the AdminMgr implementation which is used to provision RBAC policies.
AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
// Instantiate the Role entity.
Role childRole = new Role(TEST_HIER_ASC_ROLE_PREFIX + 1);
// This child will have many parents:
adminMgr.addRole(childRole);
// Create roles, sampleHierRoleA2 - sampleHierRoleA10
for (int i = 1; i < TEST_NUMBER; i++) {
// Now add Role relationship to the directory between parent and child Roles.
Role parentRole = new Role(TEST_HIER_ASC_ROLE_PREFIX + (i + 1));
adminMgr.addAscendant(childRole, parentRole);
}
} catch (SecurityException ex) {
LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
fail(ex.getMessage());
}
}
Also used :
Role(org.apache.directory.fortress.core.model.Role)
SecurityException(org.apache.directory.fortress.core.SecurityException)
AdminMgr(org.apache.directory.fortress.core.AdminMgr)
Example 89 with AdminMgr
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreateRoleHierarchySample method testCreateDescendantRoles.
/**
* Demonstrate a parent to child Role structure of one-to-many. The parent Role must be created before
* the call to addDescendant which will Add a new Role node and set a Role relationship with parent node.
* <p>
* <img src="./doc-files/HierRoleDescendants.png" alt="">
*/
public static void testCreateDescendantRoles() {
String szLocation = ".testCreateDescendantRoles";
try {
// Instantiate the AdminMgr implementation which is used to provision RBAC policies.
AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
// Instantiate the Role entity.
Role parentRole = new Role(TEST_HIER_DESC_ROLE_PREFIX + 1);
// This parent will have many children:
adminMgr.addRole(parentRole);
// Create roles, sampleHierRoleD2 - sampleHierRoleD10
for (int i = 1; i < TEST_NUMBER; i++) {
// Now add Role relationship to the directory between parent and child Roles.
Role childRole = new Role(TEST_HIER_DESC_ROLE_PREFIX + (i + 1));
adminMgr.addDescendant(parentRole, childRole);
}
} catch (SecurityException ex) {
LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
fail(ex.getMessage());
}
}
Also used :
Role(org.apache.directory.fortress.core.model.Role)
SecurityException(org.apache.directory.fortress.core.SecurityException)
AdminMgr(org.apache.directory.fortress.core.AdminMgr)
Example 90 with AdminMgr
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreateRoleHierarchySample method testDeleteDescendantRoles.
/**
* Demonstrate teardown of a parent to child relationship of one-to-many. Each child must first remove the inheritance
* relationship with parent before being removed from ldap. The parent Role will be removed from ldap last.
* Role removal will trigger automatic deassignment from all Users or revocation of Permission as well.
* <p>
* <img src="./doc-files/HierRoleDescendants.png" alt="">
*/
public static void testDeleteDescendantRoles() {
String szLocation = ".testDeleteDescendantRoles";
if (AllSamplesJUnitTest.isFirstRun()) {
return;
}
try {
// Instantiate the AdminMgr implementation which is used to provision RBAC policies.
AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
// This parent has many children. They must be deleted before parent itself can.
Role parentRole = new Role(TEST_HIER_DESC_ROLE_PREFIX + 1);
// There are 10 Roles to process:
for (int i = 2; i < TEST_NUMBER + 1; i++) {
Role childRole = new Role(TEST_HIER_DESC_ROLE_PREFIX + i);
adminMgr.deleteInheritance(parentRole, childRole);
// Remove the child Role from directory along with associated assignments:
adminMgr.deleteRole(childRole);
LOG.info(szLocation + " role [" + childRole.getName() + "] success");
}
// Remove the parent Role from directory along with associated assignments:
adminMgr.deleteRole(parentRole);
} catch (SecurityException ex) {
LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
fail(ex.getMessage());
}
}
Also used :
Role(org.apache.directory.fortress.core.model.Role)
SecurityException(org.apache.directory.fortress.core.SecurityException)
AdminMgr(org.apache.directory.fortress.core.AdminMgr)
Aggregations
AdminMgr (org.apache.directory.fortress.core.AdminMgr)104
SecurityException (org.apache.directory.fortress.core.SecurityException)89
Role (org.apache.directory.fortress.core.model.Role)40
User (org.apache.directory.fortress.core.model.User)39
UserRole (org.apache.directory.fortress.core.model.UserRole)35
ReviewMgr (org.apache.directory.fortress.core.ReviewMgr)27
Permission (org.apache.directory.fortress.core.model.Permission)18
RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)16
SDSet (org.apache.directory.fortress.core.model.SDSet)12
DelAdminMgr (org.apache.directory.fortress.core.DelAdminMgr)11
PwPolicyMgr (org.apache.directory.fortress.core.PwPolicyMgr)7
PermObj (org.apache.directory.fortress.core.model.PermObj)7
AccessMgr (org.apache.directory.fortress.core.AccessMgr)6
PermissionAttributeSet (org.apache.directory.fortress.core.model.PermissionAttributeSet)3
AdminPermissionOperation (org.apache.directory.fortress.annotation.AdminPermissionOperation)1
FinderException (org.apache.directory.fortress.core.FinderException)1
AdminRole (org.apache.directory.fortress.core.model.AdminRole)1
Session (org.apache.directory.fortress.core.model.Session)1
UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)1
